Docker Hardened Images
Docker Hardened Images (DHI) provide minimal, secure, and production-ready container images, Helm charts, and system packages maintained by Docker. Designed to reduce vulnerabilities and simplify compliance, DHI integrates easily into your existing Docker-based workflows with little to no retooling required.
DHI is available in the following three subscriptions.
| Feature | Community | Select | Enterprise |
|---|---|---|---|
| Hardened, minimal images | β | β | β |
| Near-zero CVEs | β | β | β |
| Verifiable SBOMs & SLSA Build L3 provenance | β | β | β |
| Full, unsuppressed CVE visibility | β | β | β |
| Drop-in adoption, no workflow changes | β | β | β |
| Full catalog of open source images under Apache 2.0 | β | β | β |
| Built with Docker Hardened System Packages | β | β | β |
| Upstream cadence for Docker-released patches | β | β | β |
| FIPS/STIG variants | β | β | β |
| Critical CVE fixes < 7 days with SLA-backed continuous patching | β | β | β |
| Customizations | β | Up to 5 | Unlimited |
| Access to Hardened System Packages repository | β | β | β |
| Full catalog access available | β | β | β |
| Extended Lifecycle Support add-on available | β | β | β
Includes: β +5 years of hardened updates β Maintains security updates after upstream EOL β SBOMs & provenance β Protects long-lived workloads |
For pricing and more details, see the Docker Hardened Images subscription comparison.
Explore the sections below to get started with Docker Hardened Images, integrate them into your workflow, and learn what makes them secure and enterprise-ready.